Tag Archives: internet



April 8 / Computing

Is the Electronic Communications Privacy Act Constitutional: Fourth Amendment Concerns

By: Matthew Lumpkin

 

History and Introduction:

Interpretation of the Fourth Amendment, which protects against unreasonable searches and seizures,[1] was relatively straightforward with regard to communication when a citizen’s only concern was with the Government intercepting their correspondences sent via post.[2] Since then, Courts have struggled to properly interpret the Fourth Amendment with respect to modern forms of communication. The Government inevitably seems to find ways to monitor these new forms of communication but laws limiting such government intervention lag behind the fast-moving technology.

The Wiretapping Act of 1968, which dealt primarily with the warrantless interception of communications via telephone became quickly outdated as computers became more prevalent.[3] In order to respond to the woefully outdated nature of the Wiretapping Act, the Office of Technological Advancements released a report calling for new legislation that would properly address the new forms of electronic communication. In 1986, Senators Leahy and Mathias introduced the Electronic Communications Privacy Act (“ECPA”), which was designed to clarify the standards for the obtainment of electronic records and communications while protecting the privacy rights of users.[4] The ECPA is composed of three titles: the Wiretapping Act,[5] the Stored Communications Act (“SCA”),[6] and the Pen Register Statute.[7]

The Wiretapping Act and the Pen Register Statute are not without their faults, but the more controversial part of the ECPA is the SCA. The SCA deals with stored electronic communications of any kind. It divides computer services into electronic communication services (“ECS”) and remote computing services (“RCS”).[8]  In order to access ECS, the Government must receive a search warrant based on probable cause for communications that are 180 days old or fewer.[9] For communications that are more than 180 days old, then the Government need only obtain a subpoena or a court order with a burden of proof that is less than probable cause.[10] This 180-day cutoff is based on the fact that the storage of electronic communications was extremely expensive when the ECPA was first enacted almost 30 years ago.[11] The Government does not need a warrant to access RCS.[12]

 

The Fourth Amendment and the SCA: A Delicate Dance:

There are multiple concerns that the SCA cannot be squared with the Fourth Amendment. First, the 180-day cutoff seems arbitrary.[13] An email does not lose its importance or privity on day 181 such that it no longer deserves constitutional protection. Courts have not addressed the concerns raised by this arbitrary number. They instead choose to rely on the reasonable expectation standard, which asks whether or not the plaintiff had a reasonable expectation of privacy with regards to the communication.[14] Other courts simply suggest that the defendant, whose communications were taken without warrant or probable cause, should seek the exclusionary remedy,[15] which is when a defendant would argue that the evidence obtained by the search should not be admitted in court. Illinois v. Krull made it clear that the exclusionary remedy is unsatisfactory. There, the court created a good faith exception to the exclusionary remedy when law enforcement officials are laboring under a constitutionally questionable statute while they commit the search and seizure in question, which practically rules out such a remedy.[16] The Fourth Circuit en banc suggested that if the exclusionary rule is not a viable remedy, then the plaintiff can attempt to bring a Bivens action, suing the Government. However, as the defendant in this case rightly points out, it is unlikely that many plaintiffs will succeed in such an action.[17]

Another concern regards the scope of the search and seizure. The Fourth Amendment requires a warrant that is particular as to what will be searched and possibly seized.[18] Without requiring a warrant, which the SCA does not for RCS or for ECS communications which are 181 days or older, it is nearly impossible to ensure particularity. It seems that any communication is fair game.[19] This gaping loophole lays in stark contrast to the Wiretapping Act, which proposed minimizing intrusion, by allowing law enforcement officials to listen only to conversations related to the investigation.[20]

In addition to the Government accessing all of the communications they want, they also have a 90-day window within which they have to inform someone that the Government is obtaining their electronic communications. Essentially, the Government can read someone’s personal and secretive communications for 90 days without that person being the wiser.[21] The requirements for obtaining this privilege of monitoring are that notifying the suspect creates the risk of: “(A) endangering the life or physical safety of an individual; (B) flight from prosecution;  (C) destruction of or tampering with evidence; (D) intimidation of potential witnesses; or (E) otherwise seriously jeopardizing an investigation or unduly delaying a trial.”[22] It would seem that all criminal investigations meet at least one of these standards.

Despite these concerns, the Supreme Court is yet to take a case that addresses the constitutionality of the SCA. The lower courts that address these concerns, address them through an opaque lens that is warped either by judicial deference to the Legislature, or by the reasonable expectation standard.[23] It is a delicate dance, and no one wants to step on anyone else’s toes.

 

Proposed Reforms And Critique:

Not all is doom and gloom. Senators Leahy and Lee have introduced a bill with possible reforms to the SCA. The third section of the proposed bill eliminates the 180-day cutoff all together and requires a search warrant based on probable cause for all searches and seizures from both ECS and RCS. This section also states that the Government must provide notice to the suspect and a copy of the search warrant within 10 business days for a law enforcement agency, and three for other agencies, with exceptions laid out in section four.

Section four deals with delayed notice. It states that the Government can obtain a court order delaying notification for up to 180 days if it is a law enforcement agency and 90 days if it is another type of agency. The court may tack on 180-day or 90-day periods with subsequent court orders.

The final reform proposed in the bill is listed in section five and it suggests that the Government Accountability Office—the “watchdog” of Congress—do an evaluation. This evaluation would take a look at various data: how often law enforcement relied on SCA to obtain electronic communications, the average length of time it takes for a service provider to comply with requests, the number of times a warrant was used to obtain the information, and how often notice was delayed. This section also asks the Comptroller General to monitor whether or not the new warrant requirement has had any effects.[24]

Although these reforms do touch on some critical points of controversy, such as the warrant requirement, the scope issue, and the ECS-RCS distinction, there is room still for further changes to the SCA. The notice requirement has not been amended to correctly mirror notions of fairness. Third-party service providers have to notify the Government three business days before they inform the consumer, if they decide they’d like to inform the consumer in the first place, of Government monitoring. This allows the Government enough time to go back to the judge they got the original court order from, and get another one extending the period of delay in notice. The reforms also extend the amount of time the Government can delay providing notice, and so by stacking court orders a user could be spied on for a year (two court orders) before they even knew that there communications were being monitored.

The SCA still has a ways to go before it accurately mirrors the technological landscape and the concepts of fairness and privacy that flow through the fabric of modern society. One wonders when the delicate dance will end. Will the Supreme Court finally decide the constitutionality of the Act, or will the reforms come to pass so that the difficult question does not have to be answered? Some commentators suggest that the entire SCA should be repealed and then new legislation that fits more with society as it is, not as it once was and that can be reconciled with the Constitution should be enacted. With technology advancing so much faster than the Legislature passes reforms, while the Judiciary continues to sidestep, one wonders whether or not the SCA can survive another three decades before it must be reformed again. The answer seems to be, probably not.

 


 

[1] U.S. Const. amend. IV.

[2] See Generally Ex parte Jackson, 96 U.S. 727 (1877)

[3] United States v. Seidliz, 589 F.2d 152, 157-58 (holding that former employee of government agency who was deemed a spy could not rely on Wiretapping Act because electronic communications were not aural and stored ones were not being transmitted).

[4] Electronic Communications Privacy Amendments Act of 2013, S.R. 113-34, 113th Cong.

[5] 18 U.S.C. §§2510-22.

[6] Id. at §§ 2701-12.

[7] Id. at §§ 3121-27.

[8] Id. at §§ 2703(b)(1) and (2)

[9] Id. at §§ 2703(a)

[10] Id. at §§2703(d)

[11] Orin S. Kerr, The Next Generation Communications Privacy Act, 162 U. Pa. L. Rev. 373, 391 (2014)

[12] See 18 U.S.C. §§ 2703(b)(1)(B)(ii)

[13] See Alexander Scolnik, Protections for Electronic Communications: The Store Communications Act and the Fourth Amendment, Fordham L. Rev. 349, 377 (2009) (suggesting that 180 day cutoff is based on outdated understanding of email usage).

[14] See Katz v. United States, 389 U.S. 347, 361 (Harlan, J., concurring).

[15] Warshak v. United States, 532 F.3d 521, 528 (6th Cir. 2008) (en banc)

[16]See 480 U.S. 340, 349-353

[17] Warkshak, 532 F.3d at 532. The court admits that Bivens claims may not settle constitutional validity inquiry (Citing Scott v. Harris, 550 U.S. 372, 378 (2007)).

[18] US. Const. amend. IV.

[19] See 18 U.S.C. §2702(c). Vaguely referencing the divulging of “a record or other information”.

[20] Kerr supra note 11, at 383.

[21] 18 U.S.C. §§2705(d)

[22] Id. at §2705(a)(2)

[23] See generally Warshak v. United States, 532 F.3d 521(Martin, J., dissenting).

[24] See generally Electronic Communications Privacy Amendments Act of 2013, S.R. 113-34, 113th Cong. p. 8-9

March 25 / Computing, Other Intellectual Property

Can We Really Have a Right to be Forgotten?

In May 13, 2014 the Court of Justice of the European Union (ECJ) held in Google Spain v. Agencia Española de Protección de Datos that search engines must consider requests from individuals to remove links that reference the name of the requesting individual.[1] Across the Atlantic, just a year before, the California legislature passed SB 568.[2] In its own words, the bill grants “privacy rights to California minors in the digital world.[3] In doing so, California became the first American state to require website operators to allow minors to remove information that they had previously posted to a website.[4] Together, these developments represent a movement toward recognition of the right to erase personal information from the Internet – more widely known as the “right to be forgotten.”  The recognition of these rights is controversial; it has not been, and perhaps could not be, universal. American freedom of speech jurisprudence, for example, is especially strong and could be fatal to domestic establishment of a similar right.

This tradition, however, has not deterred California from enacting its own right to be forgotten, albeit abridged and targeted towards minors. SB 568, dubbed the “eraser law” by the media, reflects California’s status as a leader in data privacy law.[5]  Section 22581(a)(1) stipulates that website operators shall “permit [minors] to remove or request and obtain removal of content or information posted on the [website]”, as well as provide notice of such ability and clear instruction on how to do so.[6] Section 22581(b)(1)-(5) lists exceptions- most importantly, for information that is required by federal or state law to be disclosed, content posted by third parties on such websites, information that is anonymized, and for minors that are compensated for the content they pose.[7]

Domestic U.S. groups including the Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT) have been critical of both the Google Spain v. AEPD ruling and SB 568.[8] Citing concerns ranging from implementation and practicality to structural and rights-based issues, these criticisms highlight the complex nature of the discussion on digital rights – an area in which practicality, in both pragmatically and technically, intertwine with conceptual rights. However, complexity should not deter an important discussion. The advent of practices such as doxxing (the broadcasting of personal identifiable information about individuals), cyber-bullying, cyber-stalking, and other attacks unique to the data on the Internet have given rise to this discussion. Consequently, we must ask whether the “right to be forgotten” is the right solution to these problems.

Broadly, the issue with the right to be forgotten is that it is essentially a limit on the corner stone human right to freedom of expression.[9] Of course, this is not an absolute right: even the exceptionally strong American tradition, stemming from the First Amendment, bears certain exceptions: libel and slander, incitement, obscenity, child pornography, threats, and fighting words.[10] Similarly, the rights enjoyed by public actors and certain types of broadcaster are also not given the same breadth of speech rights.[11] These exceptions to the American constitutional right to speech is reflective of value decisions made over centuries balancing free speech against a broad number of other competing interests. Other democracies have opted to carve out more exceptions.[12] For example, in the Canadian legal tradition, freedom of expression is not absolute, and is subject to “reasonable limits.”[13] Such limits must take into account that some versions of speech are “more central to constitutional guarantees than others.”[14] Ultimately, a discussion about limiting free speech requires inquiry into the type of speech it is, and cannot reasonably be a blanket ban.

In Google Spain v. AEPD, the ECJ ruled that Google (and other search engine providers) have a responsibility to delete links concerning personal information upon request as long as the links are not relevant or in the public interest. In response to the ruling, Google has been complying with takedown requests by weighing each on a case-by-case basis, balancing the “right to be forgotten [with] the public’s right to the information.”[15]

However, the AEPD ruling gave Google no real instruction on how to comply with the requests. Google has essentially had to create their own process on how to obey the takedown requests, in which the company attempts to balance the public’s right by categorizing the individual as a private or a public individual, and then categorizing the information based off of its weaker or stronger privacy interest.[16] It seems absurd that a private institution is essentially given the responsibility of setting their own guidelines for the takedown requests, considering that the ECJ ruling essentially asks Google to balance deeply important human rights in their processing of these requests.[17] The CDT published an article criticizing the right to be forgotten, arguing “it is the role of legislatures and ultimately to ensure that human rights are protected and respected [and] to address conflicts where they arise between right.”[18]

The Google Spain ruling also poses structural issues. Because there are no clear guidelines as to how to obey the right to be forgotten, particularly litigious individuals can still choose to sue Google to get their information removed, should their request through Google’s process be denied.[19] These unclear boundaries can easily lead Google to decide that the cost of litigation is not worth it, and accept more takedown requests than it reasonably should. Such litigation, on top of the burden of being mandated to police their own website, is particularly unfair strain to push onto a private actor, no matter how important they are in today’s world. The right to be forgotten forces Google to answer difficult questions about speech rights and human rights that should not be answered by a private actor, and react in ways that are not necessarily in the best interests of speech rights.

That being said, these problems are not fatal to the right to be forgotten. The European Commission could pass a directive clarifying how to comply best comply with the Google Spain v. AEPD ruling. It could also attempt to eliminate any cause of action against Google by creating a separate type of procedure for takedown requests, such as creating an arbitration body, for such takedown requests.[20]

California’s SB 568, on the other hand, is a much narrower limitation on speech rights. SB 568 limits the right to be forgotten to allowing all minors to delete personal information about them that appears on the Internet. The Internet and social media have become a core part of minors’ lives, with 95% of all teens having an online presence.”[21] In light of issues such as cyber-bullying, and the unfairness of allowing someone’s childhood to impact their future, it is sensible to give such a narrow band of people the right to be forgotten. Such a narrowly carved out exception makes more sense than a broader right to be forgotten, though.

The right to be forgotten highlights many of the themes central to the intersection of the Internet and laws. For example, although Google may be a private actor, its status as the world’s primary search engine may require that we force it to adhere to certain governmental regulations. Given that the Internet is now so ubiquitous to everyday life, it is clear that some individuals’ previous conception of the Internet as an anonymous crypto-anarchic haven be reexamined. However, on the other hand, any regulations must be considered within the scope of the technical capabilities that we have to regulate content on the Internet and the realities of how people behave when using the Internet. Proxies and VPNs, for example, remain popular ways to circumvent domestic Internet filtering. Whether the right to be forgotten as conceived by the ECJ will ever extend outside of Europe remains to be seen.

 


 

[1] C-131/12, Google Spain v. Agencia Española de Protección de Datos, not yet reported.

[2] SB-568, California, http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB568

[3] Id.

[4] Lee, James, SB 568; Does California’s Online Eraser Button Protect the Privacy of Minors?, 48 UCD L. Rev. 1173

[5] Shaheen, Randy and Arredondo-Santistebar, Laura. California Enacts Law Protecting Minors’ Digital Privacy Rights. Venable LLP, (November 24, 2014)

[6] SB-568.

[7] Id.

[8] O’Brien, Danny and York, Jillian. Rights That Are Being Forgotten: Google, the ECJ, and Free Expression. Electronic Frontier Foundation, (July 8, 2014)

[9] Universal Declaration of Human Rights. United Nations, (16 December, 1948)

[10] Ruane, Kathleen. Freedom of Speech and Press: Exceptions to the First Amendment. Congressional Research Service, (September 8, 2014).

[11] The FCC and the Freedom of Speech. Federal Communications Commission, (October 17, 2014)

[12] For example, unlike the US, Canada, France, and Germany all have exemptions for hate speech.

[13] Canadian Charter of Rights and Freedoms, Part I of the Constitutional Act, 1982, being Schedule B to the Canada Act 1982 (UK), 1982, c 11.

[14] W.S. Tarnopolsky, The Canadian Bill of Rights, 2d ed. (Toronto: McClelland and Stewart, 1975).

[15] Floridi, Luciano et. al, The Advisory Council to Google on the Right to be Forgotten, Google, (November 4, 2014)

[16] Id.

[17] C-131/12, Google Spain v. Agencia Española de Protección de Datos, not yet reported.

[18] On the “Right to be Forgotten”; Challenges and Suggested Changes to the Data Protection Regulation, Center for Democracy and Technology, (May 2, 2013) <https://www.cdt.org/files/pdfs/CDT-Free-Expression-and-the-RTBF.pdf>

[19] Id.

[20] On the “Right to be Forgotten”; Challenges and Suggested Changes to the Data Protection Regulation, Center for Democracy and Technology, (May 2, 2013) <https://www.cdt.org/files/pdfs/CDT-Free-Expression-and-the-RTBF.pdf>

[21] Madden, Mary et. al. Teens and Technology 2013, Pew Research Center, (March 13, 2013). < http://www.pewinternet.org/2013/03/13/teens-and-technology-2013/>

March 23 / Computing, Copyright, Featured

On the Legality of Watching Unlicensed TV Streams

By: Monica Rodriguez

According to a September 2014 report by Nielsen, internet streaming has become the obvious choice for a generation on the go—with digital use among persons 18-34 at 16%.[1]  In fact, online video streaming had an increase of close to 60% during the 3rd quarter of 2014 among the same age group.[2]

Nielsen TV streaming Graph

Nielsen, Digital Growth is Fueling an Increase in Media Time.

 

In a world where demand and efficiency rule entertainment, young adults are moving away from traditional television viewing to digital video.  The Wall Street Journal explained that Americans increased web streaming to about 11 hours a month, up from 7 in 2013 and noted that online consumption is likely even higher, as viewing with devices such as the Roku or smartphones are not included.[3]  Although shows like HBO’s Game of Thrones or even the Super Bowl provide streaming on their own websites, in an effort to shift with the trend, many viewers choose to stream from unlicensed third-party streaming providers, citing that the account subscriptions and targeted commercials are major hindrances to their viewing experience.[4]  With the growing number of people who promote the digital platform, one significant question remains—is watching streamed, unlicensed television content even legal?[5]

Although there are many ways to focus on this issue, the most direct seems to be through an examination of copyright law.  17 USC §102(a) explains that copyright protection subsists in original works of authorship fixed on any tangible medium of expression; in other words, copyright protection applies to original works, like television shows, at the moment it is created.[6]  Exclusive rights with current copyright laws include ability to make copies and control distribution for revenue and profits.  However, there is not necessarily a violation of copyright if a “reproduction manifests itself so fleetingly that it cannot be copied, perceived, or communicated;” in other words, the “dividing line can be drawn between reproductions that exist for a sufficient period of time to be capable of being ‘perceived, reproduced, or otherwise communicated’ and those that do not.”[7]  Because of all these rights and limitations, the question of the whether watching unlicensed television streams is legal becomes complicated.

The Associated Press v. Meltwater case, in which daily headlines and bits of newspaper stories on Meltwater had links to the full online articles from the Associated Press as well as others, which made unauthorized copyrighted content available to viewers for free, had two different outcomes in the U.S. and U.K.[8]  While the U.S. focused on Meltwater as the host of infringing content, the European courts ruled that “users who see content online, without actually willingly making a copy of it, should not be held accountable for any resulting copyright infringement.”[9]  Jim Gibson, director of the Intellectual Property Institute at the University of Richmond law school in an article with Business Insider, furthered this concept explaining, “when the user downloads even part of a file—called ‘pseudo-streaming’— it counts as a copy of copyrighted material, which is illegal. And when the user streams content as a ‘public performance’—namely, when it’s shown to a substantial number of people […] it also constitutes a copyright violation.  Outside of these cases, accessing unlicensed streamed content is generally legal.”[10]

On the other hand, the government has been pushing Congress to make online streaming a felony and wants to shift blame to the viewers, declaring, “downloading a copy of the movie ‘Captain America’ illegally is a felony, but if you were to simply stream the same movie illegally it would only be a misdemeanor,’ [Congressman] Nadler [Democrat, New York] said. ‘Does this distinction make sense?”[11] Deputy Assistant Attorney General David Bitkower explained the significance of streaming viewers by pointing to the Megaupload.com case, in which over 150 million registered users (and 50 million daily visitors) would access reproduced and distributed copies of unauthorized content accounting for as much as 4% of all Internet traffic. [12]  Arguing that viewers also have a role in illegal stream watching, the Department of Justice explained that the amount of bandwidth devoted to copyright-infringing video streaming grew by 470% in a two year span beginning in 2010.[13]

In short, the answer to legality of watching streamed, unlicensed television content is that it remains legal, although likely not for long.  This is true for two main reasons—(1) we must account for technological advances like “pseudo-streaming” which currently serve as violation loopholes in copyright law and (2) Congress is making active steps to uniformly shift liability to viewers for both downloading and viewing unlicensed content.  Despite this legal debate, it is important to note that the MPAA (Motion Picture Association of America) seldom pursues litigation against individuals who stream these shows as it is difficult to identify the IP address linked to the illegal activity.[14]

 


 

[1] Nielson, Shifts in Viewing: The Cross-Platform Report Q2 2014 (2014),  

http://www.nielsen.com/us/en/insights/reports/2014/shifts-in-viewing-the-cross-platform-report-q2-2014.html

[2] Wall Street Journal, TV Viewing Slips as Streaming Booms, Nielsen Report Shows (2014),

http://www.wsj.com/articles/tv-viewing-slips-as-streaming-booms-nielsen-report-shows-1417604401

[3] Id.

[4] Christina Sterbenz, How Sketchy Streaming Sites Really Work — And Why Some Are Legal (2014),

http://www.businessinsider.com/are-streaming-sites-legal-2014-4; See also Stephanie Rabiner, Illegal Sports Websites Shut Down by Feds Ahead of Super Sunday (2012), http://blogs.findlaw.com/tarnished_twenty/2012/02/illegal-sports-websites-shut-down-by-feds-ahead-of-super-sunday.html

[5] Supra 4.

[6] 17 U.S.C.A. § 102. (West)

[7] U.S. Copyright Office, DMCA Section 104 Report 111 (August 2001); see also 73 Fed. Reg. at 40808.

[8] BGR, Pirating copyrighted content is legal in Europe, if done correctly( 2014), http://bgr.com/2014/06/05/streaming-movies-and-tv-shows-for-free/; see also Gigaom, You can’t break copyright by looking at something online, Europe’s top court rules (2014) https://gigaom.com/2014/06/05/you-cant-break-copyright-by-looking-at-something-online-europes-top-court-rules/.

[9] Supra 8.

[10] Christina Sterbenz, How Sketchy Streaming Sites Really Work — And Why Some Are Legal (2014),

http://www.businessinsider.com/are-streaming-sites-legal-2014-4

[11] The Hill, DOJ To Congress: Make Online Streaming a Felony (2014), http://thehill.com/policy/technology/213285-doj-to-congress-make-online-streaming-a-felony

[12] U.S. Department of Justice, Statement of David Bitkower Acting Deputy Assistant Attorney General Criminal Division, Copyright Remedies. ( 2014), available at, http://judiciary.house.gov/_cache/files/c2cf069f-5e3d-4449-8614-c05b183fd910/bitkower-doj-remedies-testimony.pdf

[13] Id.

[14] Stephanie Rabiner, Is Streaming or Watching Movies Illegal? (2012), http://blogs.findlaw.com/law_and_life/2012/04/is-streaming-or-watching-movies-illegal.html

November 18 / All Articles, Computing

For Sale Signs In Cyberspace: Whether Federal Rule Of Evidence 408 Should Be Adapted To The Uniform Dispute Resolution Policy For Internet Domain Names To Bar Evidence Of Offers To Settle From Arbitration Proceedings

In 1996, Panavision International, L.P., demanded that Dennis Toeppen stop using the domain name panavision.com because it was identical to the Panavision trademarked name. Toeppen replied that he had a right to the domain name, which he had registered with Network Solutions, Incorporated. [1]

 

If your attorney has advised you otherwise, he is trying to screw you. He wants to blaze new trails in the legal frontier at your expense. Why do you want to fund your attorney’s purchase of a new boat (or whatever) when you can facilitate the acquisition of ‘PanaVision.com’ (sic) cheaply and simply instead? [2]

 

Toeppen had registered a series of well-known, trademarked names as domain names and engaged in the business of attempting to sell the registered domain names to the companies that owned the trademarked names. [3] Toeppen offered to “settle” with Panavision for $13,000.00, in exchange for which he would transfer the registered name and agree not to, “acquire any other Internet addresses which are alleged by Panavision to be its property.” [4]

 

The United States Court of Appeals for the Ninth Circuit, in this ground breaking case, found that Toeppen’s efforts evidenced a commercial use of the domain name and violated both state and federal trademark dilution acts. [5] The court considered Toeppen’s demand for payment in the principle case and in previous cases; [6] in fact, the demand was crucial to the court’s determination that Toeppen was engaged in the business [7] of being a “cyber pirate.” [8]

 

Since the Panavision decision, “cyber pirates” have become known as cybersquatters, and the term has entered the English lexicon. Cybersquatting, at least according to trademark holders and their lawyers involves individuals buying domain names identical or confusingly similar to the trademarks of other entities and demanding payment from the trademark holders for the domain names. [9] The highest levels of American government heard and responded to a call for action against cybersquatters by proposing a system for managing domain names; [10] the Internet Corporation for Assigned Names and Numbers (“ICANN”) followed therefrom. [11]

 

ICANN created a Uniform Dispute Resolution Policy (“UDRP”) [12] to address the “Toeppens” of the world with swift action on behalf of the trademark holders. [13] The UDRP functions through a group of approved arbitration organizations, [14] which, in turn, apply the UDRP through private arbitrators referred to as Panelists in their written opinions. [15] With remarkable ease UDRP Panelists found bad faith registration and use of domain names that were the same as or confusingly similar to trademarked names. Demands similar to Toeppen’s demand to Panavision were fodder for the claims of bad faith. [16] ICANN’s President announced the organization’s delight with the results of the system it had implemented. [17]

 

Yet, in the short time the UDRP Panelists have been creating a new common law for trademark protection on the Internet, the pendulum has begun to swing back to the side of the property speculators – formerly referred to as cybersquatters – who, all of a sudden, found a friend in the battle to protect their personal property rights. Ironically, the friend was one of the very UDRP Panelists who once transferred their domain names with such ease. Panelist Michael DeCicco’s [18] proposal: adopt the United States Federal Rule of Evidence (“FED. R. EV ”) 408 to bar discussions of offers of settlement, between cybersquatters and trademark holders, from consideration in UDRP arbitration proceedings. [19] Presently, not all Panelists in all approved UDRP arbitration groups adopt DeCicco’s position. Some arbitrators explicitly reject his proposal. [20] Yet, the entire tenor of the UDRP process has changed. Now, Panelists characterize requests for payment in excess of out-of-pocket expenses – which were once considered clear evidence of bad faith registration and use – as an “offer to settle;” though such offers are still weighed by most Panelists, the offers are no longer considered clear evidence of bad faith. [21]

 

The shift in characterization creates a higher burden for trademark holders and returns them to their position before the implementation of the UDRP. They are subjected to a system of requirements as strenuous as those used in the United States Federal Courts to prove they are entitled to domain names.

 

But, is adoption of FED. R. EV 408, or even a shift in characterization from “demands for payment” to “offers to settle” appropriate? Ought the arbitrators apply, sua sponte, an American law that may not be recognized by international parties to arbitration? Even if both parties are American domiciliaries, should the same standard of evidence as traditional litigation be applied to a system that was designed to be both quick and efficient via private arbitration? Is that standard of evidence capable of meeting the challenges of a largely anonymous Internet?

 

This article will address these issues. I begin with an explanation of the creation of the UDRP, its impetus and the methodology used in its drafting and adoption. I consider whether adoption of FED. R. EV 408 would be consistent with this history. Next, I turn to Panelist Michael DeCicco’s argument for the adoption of FED. R. EV 408. In the heart of this article, I attempt to evaluate the propriety of DeCicco’s proposal given the character of the Internet. Finally, I conclude with the repercussions on the UDRP if FED. R. EV 408 is adopted and a model case for dealing with offers to settle.

 

R. Jonas Geissler*

November 27 / All Articles, Computing

What A Local Internet Company Can Do About Legal Uncertainty In Cyberspace: A Policy Proposal On How To Deal With The International Jurisdictional, Judgment Enforcement, And Conflict Of Law Problems Posed By The Internet

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of the Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

 

We have no elected government, nor are we likely to have one, so I address you with no greater authority than that which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you posses any methods of enforcement we have true reason to fear. [1]

 

–John Perry Barlow, Declaration of the Independence of Cyberspace

 

John Perry Barlow’s declaration, circa 1990, is typical of the time that it was made. Since then, however, such The Matrix-like hipsters have been shoved aside for the moment by the rush of Banana Republic and Amazon.com shoppers barreling down the information superhighway toward their favorite dotcom. What was once a new frontier beyond the reach of law and order is now a space beginning to look a bit more like the high seas shortly after the establishment of basic maritime and trading norms–or perhaps, in an even more cynical light, an unruly international bazaar in the form of a 24-hour interactive shopping channel. Still, Matrix wannabes aside, the international qualities of the Internet have not ceased to imbue it with multiple levels of legal uncertainty. That is, the jurisdictional quandaries of what are the laws that govern international Internet transactions and/or interactions and can/should enforce them remain uncertain.

 

For example, in the business context, an organization’s website could be violating laws in another country without having ever intended to do so, and, consequently, it may have to submit to a foreign court’s jurisdiction that may take action against it–such as monetary penalties or freezing any assets it may have abroad. The Georgia Institute of Technology found itself in such a situation in 1997 when it was sued by two French language organization in France because its website offered information only in English about its programs. [2] The plaintiffs accused Georgia Tech of violating a 1994 French law that required websites offering “goods and services” in France to be in French.

 

The problem, hence, is that while some legal certainty in Internet business transactions is available through internationally enforceable forum-selection and choice of law agreements between contracting parties, [3] there is no such certainty when international disputes arise outside of a contractual context. Put simply, contractual forum-selection and choice of law clauses alone are not enough to aid an organization’s internet business when unforeseeable foreign regulations–such as fraud, defamation, trademark disputes, language purity, advertising, libel, defamation, obscenity, informational content regulation, and commercial speech laws–suddenly expose it to litigation or harm that is beyond the contractual context and that can be enforced abroad. And, in the converse, such contractual clauses are of little help when a domestic company may need to pursue legal action against another company abroad that may be adversely affecting its e-business (by, for example, posting trade secrets) through a foreign website, without ever having had any contact with the domestic company’s business, website, or its country for that matter.

 

The cause of this problem is that the increasing use of cyberspace to conduct both national and global commerce has shaken up the sovereign state’s historical control over economic and social activity. [4] The very nature of the Internet makes it hard for some countries, like the United States, to apply old models of economic and social regulation to electronic commerce and interaction. The current controversies about individual jurisdictions within nation-states themselves over claims of jurisdiction to tax or haul into court Internet merchants located in other sister jurisdictions illustrate the economic and social regulatory problems the Internet thus poses. [5] For, “there is no central law governing the Internet because there is no central policy-making body that enforces Internet decisions. This creates problems on such issues as jurisdiction, criminal law, evidence, privacy and even human rights.” [6]

 

But, what can a local Internet business company do about this? According to a recent study, by 2005, fifty-seven percent of Internet users worldwide will speak a language other than English. [7] Therefore, what local e-businesses can and must do is to get involved in international policy-making via the political channels they have available domestically. Though lobbying Congress may be easier for big companies, smaller companies can also participate by joining together as an industry. In addition to lobbying Congress, another good place to start, where it doesn’t matter how big or small your company may be, is to begin appealing to and working with government agencies themselves, such as the Federal Trade Commission, that are currently active in pursuing international solutions to these problems. For example, in Boston, the FTC does actually meet with industry representatives and the public to get input on these problems and to report on what the FTC is doing about them. In such a recent workshop, the FTC’s commissioner reported to local e-businesses and the public that:

 

In [its] work … the FTC …. in discussions with [its] international colleagues, the Commission is taking a two-prong approach toward resolution of these issues: (1) laying the groundwork for international recognition of consumer protection laws and creating international treaties defining rules for jurisdiction and choice of law; and (2) self-regulatory initiatives that yield good business practices and facilitate alternative dispute resolution.

 

Both strive to balance our two policy goals: ensuring that consumers receive effective consumer protection and at the same time ensuring that the online medium provides sufficient certainty to businesses to foster commercial growth and development. Any ultimate solution likely will require some combination of these approaches. [8]

 

Thus, such agencies like the FTC are great places to start to pitch policy proposal over what to do with the particular quandaries over jurisdiction in the global internet because not only are they very receptive to local e-business concerns, but because they are also very able to represent such concerns and proposals at the international policy-making level. For, Commissioner Thompson, leads the U.S. delegation to the particular committees of the Organization for Economic Cooperation and Development currently working on international e-business guidelines in their attempts to overcome “the differences between many European countries’ systems of law and our own … in developing consensus of difficult issues like choice of law and jurisdiction.” [9]

 

Accordingly, for the purposes of this very presentation, this project will first focus specifically on what domestic internet companies should know about jurisdiction, enforcement of judgements, and conflict of law issues in cyberspace when a dispute arises outside of the contractual sphere. Second, this presentation will suggest a way to think about law and cyberspace that may be better suited for the task of overcoming the legal uncertainty in cyberspace created by its current jurisdictional, conflict of law, and enforcement of judgements problems. Next, this presentation will brainstorm on how such a theory of approaching governance in cyberspace would work. Then, in section five, this presentation will suggest a policy proposal on how such an approach could be brought down to earth and made a reality. Lastly, in section six, the proposed policy will be applied to a hypothetical example (dealing with content regulation) in which the merits of the proposal’s ability to overcome the jurisdictional, enforcement of judgments, and conflict of law problems posed by the Internet today will be assessed.

 

Javier Beltran*

June 4 / All Articles, Copyright

On-Line Copyright Infringement Liability For Internet Service Providers: Context, Cases & Recently Enacted Legislation

“If you can’t protect what you own–you don’t own anything.” [2] Motion Picture Association of America

“To promote the progress of knowledge on the Internet, those who are building the Net itself need fair and predictable ground rules” [3] U.S. Telephone Association

INTRODUCTION:

The above quotes, the first from a member of the content community and the second from an association representing telephone companies and Internet Service Provider (ISP), highlight the tension that exists between copyright holders and Internet Service Providers concerning the issue of on-line copyright infringement liability. As the Internet has grown, the problem of on-line copyright infringement has developed into an economically significant issue. [4] According to the Motion Picture Association of America, U.S. companies are losing millions per year to on-line copyright pirates, and with the current growth of the Internet, the content community fears that the amount lost to pirates will only increase. [5] The ISP industry, however, while acknowledging its unique position in terms of the Internet, does not want to become a “deep-pocket”, third-party defendant in every on-line copyright infringement lawsuit. The Internet Service Providers have argued that the law’s lack of predictability in this area and its standards for ISP copyright liability over the past few years have caused real concerns for this new and growing industry. [6] ISPs have argued that due to the nature of the Internet and the unique role of the ISP industry, a narrow limitation on copyright infringement liability should be established for Internet Service Providers so that those who are building the Internet will have a clearer sense of how and when they might be held liable for on-line copyright infringement. [7] In turn, they argue that a heightened level of certainty about this issue will help speed the growth of the Internet by encouraging more entrepreneurs to enter the ISP industry. [8]

How fast has the Internet grown? At the end of the Reagan-Bush era, just six years ago, the world of cyberspace consisted of fewer than 50 World Wide Web sites, most of them used by computer scientists and physicists. [9] Today the Internet is no longer just for researchers, and it is expected that within five years international commerce on the Internet could reach $3.2 trillion. [10] The fact is that in the past 72 months the number of Internet users has risen from hundreds to millions of users, and is estimated by some experts to reach perhaps a billion users by the year 2008. [11] In terms of copyright infringement, the commercialization and exponential growth of the Internet create an entirely new set of problems for copyright holders. [12]

In this context, it is understandable why writers, publishers, and researchers often look upon using the Internet as “riding the Tiger.” While the Internet has allowed researchers, educators, artists and publishers to expand their markets at an unprecedented rate, the same technology allows any anonymous and invisible copyright pirate to copy and disseminate instantaneously anything that is displayed on the Internet. Understanding how easy it is to duplicate copyrighted material from the Internet today, the content community has valid concerns about how much easier pirating could be five or ten years from now, and they argue that something must be done now to address this problem. [13]

Recognizing the inherent difficulty of enforcing copyrights against individual Internet users world-wide, some experts have argued that the answer to this problem is placing legal liability for copyright infringement on those who allow and enable Internet copyright pirates to exist, namely the ISPs. [14] It is argued that ISPs profit from the pirates’ use of the Internet, and in comparison to an independent publisher or author, an ISP is in a much better position to police how its subscribers use the Internet. [15] On the other side of the argument, ISPs claim that they are passive carriers similar to telecommunications companies and therefore should be granted some limitation from copyright infringement liability. [16] In addition, they argue that to make ISPs liable could stifle the growth of the Internet. [17]

Others argue that the answers to this problem will come from technological innovations, such as the use of “digital watermarking”, rather than through legal reforms. [18] In addition, the argument has been made that cooperation between ISPs and the content community is what is truly needed to solve this problem. [19] ISPs share the content community’s desire to see the Internet grow, and some believe that the threat of holding ISPs liable for copyright infringement may not be the best way to encourage ISPs to help minimize Internet copyright piracy. [20]

The issue of on-line copyright infringement has been around since the use of the Internet started to expand rapidly in the early 1990’s and has been the subject of extensive federal executive branch activities, court cases, and Congressional action. In the closing days of the 105th Congress, President Clinton signed into law a bill that addressed this issue; Title II of the Digital Millennium Copyright Act, the Online Copyright Infringement Liability Limitation Act of 1998. [21]

This paper will analyze the policy arguments, the court cases, and the legislative process that produced this law.

As for the structure of the paper, the first section will discuss the Clinton Administration’s activities concerning this issue. The second section will briefly address statutory copyright law in general and will put the specific issue of on-line copyright infringement liability in context by analyzing the five leading court cases in this area of law. The third section will address the policy arguments for and against the establishment of a limitation on copyright infringement liability for Internet Service Providers. Lastly, this paper will analyze the final version of the legislation that has been signed into law, and discuss why enacting this bill into law is a step in the right direction for the Internet.

 

Mark E. Harrington [1]

April 8 / All Articles, Computing

A Safe Bet? State Control Of Internet Gambling

Gambling has been a part of American life longer than the Constitution. The first recorded instance of gambling in the English colonies occurred in 1620 with horse races in Virginia. [1] Shortly thereafter came the first instance of government in America addressing the issue of gambling when in 1621 the Plymouth Colony placed restrictions on gambling in that colony. [2] Ever since that time, gambling has been regulated at both the federal and state levels. [3]

With the advent of the Internet, gambling regulations that do not anticipate the use of online gambling are quickly becoming outdated. As individual citizens become increasingly able to bet virtually unrestricted amounts of money via the Internet, state governments that regulate gambling will find it increasingly difficult to maintain their regulatory structures and, at the same time, meaningfully limit such gambling.

This article will specifically address the tension between Internet gambling and state gambling policy (using Colorado law as the primary example of state policy) and will provide a workable solution that could be adapted by the federal government as well as any state that wishes to control Internet gambling. Part I of this comment discusses state gambling policies, mainly through the vehicle of Colorado’s Limited Gaming Act, and compares gambling in Colorado with gambling on the Internet in its current, largely unregulated, form. Part I also demonstrates the tension that is inherent between Internet gambling and regulated gambling under Colorado law. Part II examines multiple proposed solutions that have been put forth by various sources in an effort to ease these tensions. The sources of the solutions include the Internet gambling industry itself, as well as other state governments and the federal government. Finally, Part III of this comment will explore a plan of action that will accommodate the interests of the various parties involved. [4]

 

Scott L. Jones *

January 14 / All Articles, Computing

Not Quite Cryptus Horribilis: 1997’s Developments In The Encyrption Debate Have Pushed Sides Further Apart

In late 1997, at least six bills or amendments on the use of encryption were either introduced or circulated in draft form. Seven congressional committees considered encryption legislation. A clear trend is emerging from these developments. Law enforcement and national security interests favoring restrictions on encryption are quickly growing further apart from civil liberties groups and computer and telecommunications industry associations favoring liberalization of encryption rules. The rifts have grown wide enough to induce at least one interested group to predict that no satisfactory compromise could imminently be possible and to cease advocating the passage of encryption legislation in the short term. This article surveys the current landscape of the encryption debate, and analyzes the major legislative proposals. By identifying their major provisions and policy decisions rather than advocating a particular solution, this article attempts to be a resource for those involved in the ongoing encryption debate.

Adam White Scoville *

October 28 / All Articles, Copyright

Intelligent Agents And Copyright: Internet Technology Outpaces The Law … Again

Intelligent agents, sophisticated computer programs that act on behalf of their users and adjust themselves to users’ behaviors and preferences, may answer the prayers of people who are increasingly overwhelmed by the sheer volume of information available to them on the Internet. [2] Instead of spending frustrating hours “surfing the ‘Net” in search of elusive information, users may soon employ intelligent software agents that gather information efficiently and without need for further human assistance, thereby freeing the user to spend time on more productive, or more leisurely, activities. [3] Still in its infancy, agent software “launches” itself into a computer system, a local-area-network, or the Internet, in order to perform a task or set of tasks requested by the user, such as retrieving information on a particular company or purchasing plane tickets at the lowest price. [4] If sufficiently sophisticated, intelligent agents may be able to “negotiate” with software agents resident in other computer systems, to coordinate, for example, a teleconference between two executives which does not conflict with the schedule of either person. [5]

 

Although agent technology is neither ubiquitous nor yet fully realized, it is nearly certain to play a major role in the way consumers and businesspeople deal with information in the years to come. [6] Indeed, agent software may cause people to rethink their entire approach to receiving information, creating distinctions between mere data and true information. [7] Don Norman, a research fellow at Apple Computer Inc., goes even further, arguing that we do not want data or information – we want knowledge. [8] Norman and others believe that intelligent agents will perform the tedious, time-intensive tasks of data collection and information retrieval, ultimately providing the user with readily-applicable knowledge and perhaps rendering obsolete presently “state-of-the-art” search paradigms, such as the unwieldy World Wide Web. [9]

 

Not surprisingly, any technology that promises to change fundamentally the way information is gathered will raise the eyebrows of the artistically or intellectually creative individuals (and their lawyers) who possess legally granted ownership rights in expressions of this information. [10] To be specific, intelligent agents may retrieve for users, via the Internet, documents, images, video or sound files that are the copyrighted material of another, thus subjecting the user, and/or the user’s employer, to potential legal liability. [11] This seemingly inevitable clash between copyright holders and the users of the Internet, compounded by the injection of intelligent agent technology, presents several novel copyright issues.

 

The core issue, and the issue in which the federal government, industry, academia, and individual computer users are all keenly interested at present, is when, or perhaps whether, the viewing, retrieval, transmission, or transfer of copyrighted files, data or images by users of the Internet constitutes copyright infringement. [12] This issue, until definitively resolved by the courts or legislature, will almost surely lie at the crux of numerous Internet-related copyright lawsuits that will be filed in the months and years to come. [13] Therefore, this paper must, at the outset, explore in depth copyright protection for files on the Internet.

 

Only after addressing this fundamental issue can we delve into our more creative investigation; that is, whether the retrieval of copyrighted computer files via the Internet by an intelligent software agent can be considered infringement by its owner, operator or initiator. Several ancillary issues will also be explored. For example, would the user’s employer, whether a corporation or academic institution, also be exposed to liability for copyright violations, under theories of contributory or vicarious liability? Additionally, would the company who designed, programmed, or owns the copyright to the source and object code for the intelligent agent software face potential liability when its software agents infringe upon copyrights?

 

Michael B. Sapherstein*